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) ^ ' We present the definition of the logical framework TF, the Type Framework. 

^-\ , TF is a lambda-free logical framework; it does not include lambda-abstraction 

00 ' or product kinds. We give formal proofs of several results in the metatheory of 

TF, and show how it can be conservatively embedded in the logical framework 
LF: its judgements can be seen as the judgements of LF that are in beta-normal, 
eta-long normal form. We show how several properties, such as the injectivity 
of constants and the strong normalisation of an object theory, can be proven 
more easily in TF, and then 'lifted' to LF. 
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1. Introduction 



A logical framework is a typing system intended as a meta-language for the 
specification of other formal systems, which may themselves be type theories 
or other systems of logic, such as predicate logic. Traditionally, logical frame- 
QQ ' works are based on a typed lambda calculus; variable binding is represented 

f^ , by lambda-abstraction in the framework, and substitution by application in the 

framework. The correspondence between the object theory and its representa- 
tion in the framework is not exact: each entity of the object theory is represented 
^^ ' by more than one object in the framework — typically, /37y-convertible objects 

represent the same entity of the object theory — and there are objects in the 
framework (such as partially applied meta-functions) that do not correspond 
to any entity of the object theory. It is therefore necessary to prove adequacy 
theorems establishing the relationship between an object theory and its rep- 
resentation in a logical framework; and these theorems are notoriously often 
difficult to prove. 
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It is possible to construct a logical framework that does not employ all the ap- 
paratus of the lambda calculus. We can construct logical frameworks that do not 
make use of abstraction and substitution, but instead involve only parametrisa- 
tion and the instantiation of parameters. We shall call these lambda-free logical 
frameworks. They can be seen as frameworks that only use /3-normal, 77-long 
normal forms. Lambda-free frameworks provide a more faithful representation 
of an object theory — there is a one-to-one correspondence between the objects 
of the framework and the terms and types of the object theory. Because of this, 
many results including adequacy theorems are easier to prove in a lambda-free 
framework. 

It is often possible to embed a lambda-free framework L within a traditional 
framework F; that is, to provide a translation from L into F such that the 
derivable judgements of L map onto exactly the derivable judgements of F that 
are in normal form. F can then be seen as a conservative extension of L. Once 
this embedding has been established, we can 'lift' results from L to F: that is, 
we can prove a result for L, and then deduce that the corresponding result holds 
for f as a corollary. 

There is a price to be paid for using a lambda-free framework: the early 
metatheoretic results are much more difficult to establish, as is the soundness 
of the embeddings discussed above. But this is a 'one-time' cost; once this price 
has been paid, it is comparatively easy to prove many results in the lambda-free 
framework, and then lift them to the traditional frameworks. 

1.1. Background and Outline 

The term 'lambda-free logical framework' was first use to describe the frame- 
work PAL"*" [jj, which uses paramctrisation and definitions as its basic notions 
rather than lambda-abstraction. In PAL+, however, it is possible to form ab- 
stractions (using parametric definition) that can then be applied to objects. 

We are using the phrase 'lambda-free logical framework' in a stricter sense, 
to describe a framework which does not permit abstractions to be applied to 
objects, and which therefore contain no framework-level notion of reduction. We 
shall use the phrase 'traditional framework' throughout this paper to denote a 
logical framework that is not lambda-free, such as the Edinburgh LF [2] or 
Martin-Lof's Logical Framework [3|. When we represent a formal system S 
within a logical framework F, the system S is referred to as the object theory. 

The framework TF first appeared in an unpublished note by Aczel [j| . It was 
developed by myself in my thesis [5| . In particular, I introduced the set of arities 
to organise the grammar, and made explicit the definition of instantiation. 

In Section 2, we give the formal definition of TF, and describe how a type 
theory may be specified in TF. In Section 3, we begin to prove the metatheoretic 
properties of TF. We would like to prove that these properties hold under an 
arbitrary type theory specification in TF. However, for most of the properties 
considered in Section 3, we are at present only able to prove them for two large 
classes of specifications — those with no equation declarations, and those which 



do not involve variables of order 2 or higheo The proofs are given in Section 
3, with the more technical proofs given in the Appendix. 

In Section 4, we describe a second lambda-free logical framework TFk, which 
is a Church-typed version of TF; that is, the bound variables are labelled with 
their kinds. We define translations between TF and TFk in Section 4. It is 
often very convenient to have these two versions of TF available, and to be able 
to move between them at will. 

In Section 5, we show how TF may be embedded in LF, a Church-typed 
version of Martin-Lof's Logical Framework [6|. We do so by defining a trans- 
lation from TFk to LF and from LF to TF, taking advantage of the results of 
Section 4. We show how this embedding allows results to be lifted; that is, a 
result may be proven to hold for TF, and the fact that it holds for LF follows as 
an easy corollary. We demonstrate this for two results: the injectivity of type 
constructors, and strong normalisation of an object theory. 

In Section [6l we describe two other frameworks that have appeared in the 
literature which are lambda-free logical frameworks in the stricter sense: the 
Concurrent Logical Framework (Concurrent LF) 0, H and DMBEL 0, |I3|. 
In both of these frameworks, abstractions may be formed, and a constant or 
variable may be applied to an abstraction, but abstractions may not themselves 
be applied to objects. 

Each of these may be conservatively embedded in TF. That is, we can find a 
subsystem S of TF such that there exist bijective translations between Concur- 
rent LF and S, and such that TF is a conservative extension of S. Likewise, we 
can find a subsystem S' such that there exist bijective translations between DM- 
BEL and S", and such that TF is a conservative extension of S". It is possible to 
find many such subsystems of TF, which all extend one another conservatively; 
this idea, called a 'modular hierarchy of logical frameworks', was described in 
Adams 11 1 and the formal details given in Adams [^. We give the details in 



the case of Concurrent LF and DMBEL in Section [G] 

Abbreviation. Throughout this paper, the phrase 'induction hypothesis' shall 
be abbreviated to 'i.h.'. 



2. The Type Framework TF 

We present our first example of a lambda-free framework, the Type Frame- 
work TF. The framework TF includes nothing but what is essential for repre- 
senting an object theory. In particular, it contains neither lambda-abstraction 
nor local definition; its basic concepts are parametrisation, the instantiation of 
parameters, and the declaration of equations. 



^In Adams [3, the properties in Section 3 were claimed to hold under an arbitrary speci- 
fication, but a mistake has since been found in the proof. 



2.1. Grammar 
2.1.1. Arities 

We begin by introducing the set of arities, with which we shall organise the 
syntax of TF. 

The arities are defined inductively thus: 

If ai, . . . , a„ are arities, then (ai, . . . , a„) is an arity. 

The base case of this definition is the case n — 0, yielding the arity (), which 
we shall write as 0. The next arities that can be formed are 



(0,...,0) 

for positive n; we shall write this arity as n. The next arities that can be formed 
are (rii, . . . , nk), and so forth. 

The intuition behind the arities is that an (ai, . . . , a„)-ary function is a 
function that takes n arguments — namely an ai-ary function, . . . , and an 
a„-ary function — and returns an entity (term or type) of the object theory. 
In particular, a 0-ary (or base) function is just an entity of the object theory; 
a 2-ary function is a binary operation on the entities of the object theory; and 
so forth. 

We denote by a(3 the concatenation of the two arities a and /3: 

(ofi, . . . ,amT{Pi, . . . ,/3„) = (ofi, . . . ,«„,/?!, . . . ,/3„) . 

We also ascribe an order to each arity as follows: 

• The only Oth-order, or base, arity is 0. 

• If the highest order among the arities ai, . . . , a„ is /c, then (ai, . . . , «„) 
is a fc + Ist-order arity. 

For example, the first-order arities are those of the form n for positive n, and 
the second-order arities are those of the form (rii, . . . , nk) where at least one rii 
is positive. 

We say the arity a is a subarity of the arity /? if a occurs inside (3. We say 
a is a proper subarity of /3 if o; is a subarity of /? and a^ [3. 

2.2. Objects 

The objects of TF are expressions intended to represent the terms and types 
of the object theory. They are built up from variables and constants, to each of 
which is assigned an arity. The constants shall be used for the type constructors 
and term constructors of the object theory. The variables shall be used as the 
variables of the object theory. 



The set of objects is defined by the following inductive definition: 
If z is an a-ary constant or variable, where 

a = ((an, . . . ,airi), • • • , (a^i, • • • ,a„r„)) , 
then 

z\{Xxi, ■■■, XirJAfl, . . . , [Xnl, ■ ■ .,XnrJMn] (1) 

is an object, where each Xij is an ai^-ary variable, and each Mi an 
object. Each Xij is bound within the corresponding object Mi, and 
we identify objects up to a-conversion. 

The base case of this definition is that, if z is a base variable or constant 
(that is, a 0-ary variable or constant), then z[] is an object; we shall henceforth 
write this object as just z. Likewise, if z is an n-ary variable or constant, then 
z[[]il/i, . . . , []M„] is an object for any objects Mi, . . . , M„; we shall write this 
object simply as z[Mi, . . . , M„]. 

The subexpressions of the object H]) such as [xi, . . . ,Xr]M are not first- 
class entities of TF; they cannot occur except as arguments to some variable 
or constant z. Nevertheless, it shall be convenient to have some way of refer- 
ring to these pieces of raw syntax. We shall therefore introduce the following 
terminology: 

• An (ai, . . . , Q;„)-ary variable sequence is a sequence of n distinct variables 
(xi, . . . ,Xn), where Xi has arity ai. 

• An a-ary abstraction is an expression of the form [xJM, where x is an 
a-ary variable sequence, and M an object. We take each member of x 
to be bound within this abstraction, and identify abstractions up to a- 
conversion. 

• An (ofi, . . . , a„)-ary abstraction sequence is a sequence (Fi, . . . , Fn), where 
Fi is an a^-ary abstraction. 

Thus, an object has the form z[F], where z is an a-ary variable or constant, 
and F an a-ary abstraction sequence. We shall often write this object as just 
zF. 

We note that the only expressions that can occur as arguments to a symbol 
are abstractions. In the situations where we would naturally wish to write a 
variable or constant in an argument position, we instead write its rj-long form. 

Definition2.1 (77-long Form). Given any a-ary variable or constant z, the rj- 
long form z'' of z is the a-ary abstraction defined by recursion on a as follows: 
If a = (ai, . . . , a„), then 

Z = [Xi , . . . , a;nj^[2^i J ■ ■ ■ : ^n\ ' 

where each Xi is an a^-ary variable. (By a-conversion, it does not matter which 
variables we choose.) 



2.3. Hereditary Substitution and Employment 

We cannot use the familiar operation of substitution in TF. The result of 
substituting an abstraction [y\M for the variable x in the object xF is not an 
object of TF; rather, it would be a /?-redex. 

Instead, we introduce an operation that we name instantiation. The op- 
eration of instantiating an abstraction F for a variable x can be thought of 
as substituting F for x, then reducing to normal form (that is, /3-normal, 
77- long form). However, we note that the definition docs not use any notion 
of reduction. 

Definition2.2 (Instantiation). Given an a-ary abstraction F, an a-ary vari- 
able x, and an object N, the object {F/x}N, the result of instantiating F for 
a; in TV, is defined by recursion firstly on the arity a, secondly on the object iV, 
as follows: 

{F/x}z[Gi, . . . , G„] = z[{F/x}Gi, ..., {F/x}Gn] [z ^ x) 

If F= [ti,...,t„]P, then 

{F/x}x[Gu . . . , G„] = {{F/x}Gi/ti} ■ ■ ■ {{F/x}Gn/tn}P ■ 

We assume here, through a-conversion, that no ti occurs free in any Gj . 

We shall also introduce a notational convention that shall play the role of 
abstraction: if x is an a-ary variable and F a /3-ary abstraction, then [x]F is an 
(a)'/3-ary abstraction, defined by 

[x][yi,...,yn]M =[x,yi,...,yn]M . 

Finally, we define an operation, which wc shall call employment, to play the 
role usually taken by application. The result of employing F on G, denoted 
F • G, can be thought of as the normal form of the application FG. The 
definition is: 

Definition2.3 (Employment). Given an {ay/3-a.ry abstraction [x]F and an 
a-ary abstraction G, the /3-ary abstraction F • G, the result of employing [x\F 
on G, is defined by 

{[x]F) • G = {G/x}F . 

We have used our newly introduced notation [x]M in this definition; written 
out in full, the above equation is 

{[x, yi, . . . , y„]M) • G = [yi, ..., y„]{G/x}M . 

We shall abbreviate the repeated use of employment as follows: if G is the 
abstraction sequence (Gi , . . . , G„ ) , then F»G abbreviates F»Gi»G2»---»G„, 
that is, 

((•••(^.Gi).G2)«---)«G„ . 



Remark. We note that there is a strong correspondence between our syntax and 
the simply-typed lambda calculus. Our arities correspond to the types of the 
simply-typed lambda calculus, and our abstractions to the terms. Instantiation 
corresponds to the strategy of innermost reduction. Thus, the fact that our 
definition of instantiation is total corresponds to the fact that the simply-typed 
lambda calculus is weakly normalisable. 

24. Kinds 

A base kind in TF is either the symbol Type, or has the form El (A) for some 
object A. The intention is that each type T of the object theory is represented 
by an object |T] of kind Type; the terms of type T are then represented by 
the objects of kind El (|T]). 

In addition to these, we introduce a set of a-ary product kinds for every arity 
a. These shall be used to give kinds to the variables and constants of higher 
arity. The definition is by recursion on a: 

An (ai, . . . , a„)-ary product kind is an expression of the form 

(xi :Xi,...,x„:X„)T (2) 

where the XiS are distinct variables, xt being of arity at] each Ki is 
an a^-ary product kind; and T is a base kind. 

We take each variable Xi to be bound within Ki^i, i^i+2, . . . , Kn and T in this 
product kind, and identify product kinds up to a-conversion. 

The intuition is that the kind ([2]) represents the collection of functions 
that take n arguments — namely Fi of kind Ki, F2 of kind {Fi/xi}K2, ■ ■ ■ , 
and Fn of kind {Fi/xi, . . . , Fn-i/xn-i}Kn — and returns an object of kind 
{Fi/xi,.. .,F„/x„}r. 

li K = {xi : Ki,...,Xn ■ Kn)T, then we shall write {y : J)K for 
{y : J,xi : Ki, . . .,x„: Kn)T. 

Just as with abstractions, so the product kinds of non-zero arity are not 
considered first-class entities of TF; only the base kinds are. We shall however 
make use of the higher product kinds to give kinds to the variables and constants 
of higher arity. We shall even talk of an abstraction being a member of a product 
kind; however, this shall not be represented by a primitive judgement form of 
TF. 

Contexts. A context T in TF is a sequence of the form: 

xi : Ki, ... ,Xn : Kn 

where the XiS are distinct variables, and each Xi has the same arity as the 
corresponding product kind Ki. If each Xi has arity a^, we say the context F 
has arity (ai, . . . , a„), and its order o(F) is then the order of (ai, . . . , a„). The 
variable sequence (xi, . . . ,Xn) is called the domain of the context F, domF. 

Thus, an a-ary kind has the form (F)T, where F is an a-ary context and T 
a base kind. 



2.5. Judgement Forms 

There are three prim,itive judgem,ent forms in TF: 

r vaUd 

r h M:T 

r h M = N -.T 

where F is a context, M and A'^ are objects, and T is a base kind. These are 
intended to express that F is a vahd context; that the object M has kind T 
under the context F; and that the objects M and N are equal objects of kind 
T under F, respectively. 

We now introduce defined judgement forms to deal with the abstractions 
and product kinds of higher arity: 

F Ih X kind; Tlh K = K'; Tlh F : K; T \h F ^ G : K . 

Each of these judgements is defined to be a set of primitive judgements. We 
shall always use the double turnstile Ih to indicate a defined judgement form. 
For any base kind T, the defined judgement F Ih T kind is defined as follows: 

(F Ih Type kind) == {F valid} 

(F Ih El (A) kind) = {F h A : Type} 

For any a-ary product kind K, the judgement F Ih if kind is defined by: 

(F Ih (A)r kind) = (F, A Ih T kind) . 

Equality of base kinds is defined by: 

(F Ih Type = Type) = {F valid} 
(FlhEl(^) =E1(B)) = {Fh^ = B:Type} 

We leave 'F Ih Type = El (S)' and 'F Ih El (A) = Type' undefined. 
Equality of product kinds and contexts is defined recursively by 

(F Ih (A)r = (A')T') = (Flh A = A')U{Flh T = T'} 

(Flh () = ()) = {F valid} 

{r\^ A,x:K^A',x:K') = (F Ih A = A') U (F, A Ih if == i\:') 

For example, the defined judgement F Ih (x : A)B = (x : C)D is defined to 
be the set 

{F valid, Th A = C : Type, T,x: Ah B = D : Type} . 

The judgement F Ih (x : A)B ~ (x : C)Type is undefined. 



We introduce defined judgement forms T \\- F : K and T \\- F ^ G : K for 
the inhabitation of a product kind K by an abstraction F, and the equaUty of 
two abstractions F and G of product kind K; here, F, G and K must all have 
the same arity. 

(r Ih [x]M : (A)T) = {r, A h Af : T} 

(r Ih [x]M = [x]N : (A)T) = {F, A h Af = TV : T} 

We assume here that we have applied a-conversion to ensure that the same 
variable sequence x is used in both [x]P and [x\Q, and is also the domain of the 
context A. 

Finally, we introduce judgement forms 

• r Ih i^ :: A, denoting that F satisfies the context A; that is, F is a 
sequence of abstractions whose kinds are those given by the context A; 

• r \h F ~ G :: A, denoting that F and G are two equal abstraction 
sequences that satisfy A. 

The judgement forms are defined as follows: 
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2. 6. Rules of Deduction 

We are finally able to give the rules of deduction of TF. They are listed in 
FigureHJ They consist of the rules (emp) and (ctxt) determining when a context 
is valid; (var) and (var_eq), the typing and congruence rules for the application of 
a variable; (ref), (sym) and (trans), which ensure that the judgemental equality 
is an equivalence relation; and (conv) and (conv_eq), which ensure that equal 
kinds have the same objects. 

We note in passing how few rules there are compared to logical frameworks 
of similar expressiveness such as LF [6( and ELF [2]- In particular, the two rules 
(var) and (var_eq) do all the work normally done by the rules governing typing 
and congruence of applications and abstractions, and /9- and 77-contractions. We 
have shifted this burden from the rules of deduction to the syntax. 

2.6.1. Type Theory Specifications 

An object theory is represented in TF by extending the logical framework 
with several new rules of deduction, representing the formation of the terms and 
types of the object theory and the computation rules of the object theory. 
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r h Af = P : T 






(conv) 


r h M : El (A) r h A = B : Type 
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r h A// = AT : El (B) 



Figure 1: Rules of Deduction of TF 
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Formally, a type theory specification in TF is a set of declarations, of two 
possible forms: 

• constant declarations of the form 

c: K 
where c is a constant and K a kind of the same arity; and 

• equation declarations of the form 

{A){M = N -.T) 
where A is a context, M and N objects and T a base kind. 

The intention is that the constant declarations represent the term- and type- 
constructors of the object theory, and the equation declarations represent the 
computation rules of the object theory. 

Making the constant declaration c : (A)r has the effect of adding the follow- 
ing two rules of deduction to the framework (c.f. the rules (var) and (var_eq)): 

rihF::A F Ih F == G :: A 

(const) (const_eq) 



F h cF : {F/A}T F h cF = cG : {F/AjT 

Making the equation declaration (A)(M — N : T) has the effect of adding 
the following rule to the framework: 

FlhF:: A 
(eq). 



F h {F/A}Af = {F/A}7V : {F/A}T 

We define the order o{5) of a declaration as follows: the order of c : if is 
the order of K, and the order of (A)(M = TV : T) is the order of A. The order 
o{T) of a type theory specification T is the largest n such that T contains a 
declaration of order n, or lu if there is no such maximum. 

2. 7. Representing Object Theories in TF 

TF is intended for representing type theories that have judgements of the 
following forms: 

xi:Ai,...,x„:A^hM:B (3) 

xi:Ai,...,Xn:An^M^N:B (4) 

Given such a type theory T that we wish to represent in TF, we begin by 
forming the appropriate specification. There will be one constant declaration 
for each constructor in the grammar of T, and one equation declaration for each 
computation rule in T. 
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We make these declarations in such a way that: 

• the objects of kind Type correspond to the types of T; 



• 



if the object M : Type corresponds to the type A, then the objects of 
kind El {M) correspond to the terms of type A; 



• the judgements of T of the form (|2.7p correspond to the TF judgements 
of the form 

xi : El (Ai) , . . . , x„ : El (A„) h Af : El [B) ; (5) 



• the judgements of T of the form (|2.7p correspond to the TF judgements 
of the form 

a:i :El(Ai),...,:E„:El(A„)hAf = Ar:El(B) . (6) 

To specify type theories such as the Calculus of Constructions [1^, ECC 
[6| or Martin-Lof's Type Theory without W-types [3| requires a second-order 
specification. To specify Martin-Lof's Type Theory with W-types requires a 
third-order specification. To specify UTT |6| requires a specification of order uj. 
These examples are described in more detail in Adams [5]. 

Note that the judgements of TF that represent the judgements of the ob- 
ject theory, those of form ([5]) or ([6]), have first-order contexts. This will be 
important in the following section. For many of the metatheoretic properties 
we investigate, we shall be able to prove that they hold for judgements with 
first-order contexts, but they have not yet been proved to hold for judgements 
with contexts of order > 2. 



3. Metatheory 

We can now begin to investigate the metatheoretical properties of this sys- 
tem. Many of these properties are more difficult to prove than the correspond- 
ing properties of a traditional logical framework; in particular, it is often the 
case that several properties need to be established simultaneously by a single 
induction. This should be seen as the 'one-time' cost of using a lambda-free 
framework. 

3. 1 . Grammar 

We begin by demonstrating some properties of the operations of instantiation 
and employment. Many of them are analogous to properties of substitution in 
more familiar languages; we shall point out these analogies as we proceed. 
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Lemma 3.1 Let FV (X) denote the set of free variables in the object or ab- 
straction X . 

1. FV {{F/x}N) C (FV {N) \ {x}) U FV (F) 

2. FV (F . G) C FV (F) U FV (G). 

Proof. Part 1 is proved by induction on the object N . Part 2 follows directly. 

The following is the analogue of the result that, if x is not free in iV, then 

[M/x\N = N. 

Lemma 3.2 If x does not occur free in M, then 

{F/x}M = M . 
Proof. This is easily proven by induction on the object M . 

Part 1 of the next lemma is the analogue of the famous Substitution Lemma. 

Lemma 3.3 Let a, (3 and 7 be arities. Let F be an a-ary abstraction, G a 
/3-ary abstraction, and H a {(if^-ary abstraction. Let x be an a-ary variable 
and y a P-ary variable, with x ^ y. Let M be an object. 

1. If X and y are distinct variables, and y does not occur free in M, then 

{F/x}{G/y}M = {{F/x}G/y}{F/x}M . 

2. {Flx}{H • G) = {{F/x]H) • {F/x}G. 

Proof. Both parts are proved simultaneously by induction on the sum of the 
orders of a and [3. 

Part 1 of the next lemma is the analogue of the fact that [M/x\x = M . Part 
3 is the analogue of the fact that [x/x\M = M . 

Lemma 3.4 Let a be an arity. 

1. For any a-ary variable x and a-ary abstraction F , {F/x}x^ = F . 

2. For any a-ary variable x and a-ary abstraction sequence F, x^ • F = xF. 

3. For any a-ary variable x and object M, {x""' /x}M = M . 

Proof. The three parts are proven simultaneously by induction on a. Part 3 
requires a secondary induction on the object M. 



13 



3.2. Metatheoretic Properties 

The following results are true in TF. 

Theorem 3.5 

1. (Context Validity) Every derivation of a judgement of the form F, A |- J 
ha.s a subderivation ofT valid. 

2. Every derivation ofT,x:K,A\-J has a .subderivation ofT\\-K kind. 

3. IfT\- J is derivable, then every free variable in the judgement body J is in 
the domain of F . 

4. IfT,x : K,A valid, then every free variable in K is in the domain ofV. 

5. (Weakening) IfTh J,r CA and A valid, then A h J. 

6. (Generation) // F h xF : T , then there is a declaration x : {A)S in F, 
where 

FlhF:: A, T\V {F/A}S = T . 

7. (Generation) //F h cF : T , then a constant declaration c : {A)S has been 
made, where 

FlhF:: A, F Ih {i?/A}5 = T . 

8. IfTh M -.T andVh M :T', then F Ih T = T' . 

Proof. The first 7 parts are each proved by a simple induction on derivations. 
Part 8 follows easily from parts 6 and 7. 

The other metatheoretic properties of TF are very difficult to establish. We 
have not been able to prove the following properties in full generality, but only 
under a set of restrictions on the type theory specification and context. 

Definitions. 6 (Good Specification). Let T be a type theory specification 
in TF. 

1. We say that T is orderable iff there exists a well-ordering ^ on the decla- 
rations of T such that: 

(a) For every constant declaration (5 = (c : (A)r), it is possible to derive 
A Ih T kind using only the declarations 5' such that 5' -< S. 

(b) For every equation declaration d = (A)(M = TV : T), it is possible 
to derive A \- M : T, A \- N : T and A Ih T kind using only the 
declarations 6' such that S' -< S. 

2. We say that T is n-good iff, whenever F is a context of order < n and 
F h M = TV : T, then F h M : T and F h TV : T. 

3. We say that T is good iff T is n-good for every natural number n. 
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It is difficult to find general conditions under which we can prove that a 
specification is good. So far, we are able to do so for two large classes of 
specifications: 

Theorem 3.7 

1. If T contains no equation declarations, then T is good. 

2. If T is orderable and o{T) < 2, then T is 2-good. 

Proof. 

1. A simple proof by induction on derivations shows that, whenever T \- M = 
N : T, then M = N and T h Af : T. 

2. See Appendix [b1 

Theorem 3.8 Let T be a type theory specification. Suppose T is n-good, and 
r, a: : i^, A is a context of order < n. 

1. (Cut) IfT,x: K,Ah J andTlh F : K thenT,{F/x}Ah {F/x}J. 

2. (Functionality) If r,x : K,A \- M : T and T \\- F = G : K then 
r, {F/x}A \- {F/x}M = {G/x}M : {F/x}T. 

3. (Context Conversion) Ifr,x:K,A\-J and T \\- K = K' then r,x : 
X',Ah J. 

Proof. See Appendix [X] 

Once we have got past this hurdle, other properties of TF follow rapidly. 

Theorem 3.9 (Type Validity) Suppose that T is an n-good specification, 
and 

• for every constant declaration c : K in T, we have Ih K kind; 

• for every equation declaration (A)(Af ^ N :T) inT , we have A Ih T kind. 

Then, whenever o{T) < n, i/ F h M : El (A) or T \- M = N : El (A), we have 
T\- A: Type. 

Proof. The proof is by induction on derivations. The cases (const) and 
(const_eq) use the first hypothesis with Cut and Functionality respectively. The 
case (eq) uses the second hypothesis with Cut. The other cases are all trivial. 

Theorem 3.10 (Kind Validity) Suppose T is n-good and o(F) < n. Then 
the following rules are admissible. 

Th F -.K VVr F = G:K 



Th K kind Th K kind 

Proof. Both rules are proved admissible simultaneously by induction on the 
derivation of the premise. The case of the rule (var_eq) requires Equation Va- 
lidity. 
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4. The Church- Typed TF 

The version of TF we have described is Curry-typed; that is, the bound vari- 
ables in abstractions are not annotated with their kinds. We can also construct 
a Church-typed version of TF, in which objects have the form 

Z[[xii : Kii, . . . ,Xiri : i^lri]Mi, . . . , [a;„i : Knl, ■ ■ ■ ,Xnr„ : KnrjMn] . 

We shall call the Church- typed version of TF by the name TFo In this section, 
we shall give the definition of TFk, prove its metatheoretic properties, and 
define mutually inverse translations between TF and TFk that show that the 
two systems are in some sense equivalent. 

It is very convenient to have available two versions of a lambda-free logical 
framework, and to be able to switch between them at will. For example, when 
embedding a lambda-free framework in a traditional framework, it is easier to 
define translations into the Curry-typed version, and from the Church-typed 
version. We shall be in just this situation when we come to embed TF in LF. 

4-.1. Grammar 

In TFk, the sets of objects, abstractions, abstraction sequences, contexts and 
kinds are all defined simultaneously as follows. 

Objects An object has the form zF, where z is an a-ary variable or constant 
and F an a-ary abstraction sequence, for some arity a. 

Abstractions An a-ary abstraction has the form [A]M, where A is an a-ary 
context and M an object. 

Abstraction Sequences An [ai, . . . ,an)-ary abstraction sequence has the 
form {Fi, . . . , Fn), where each Fi is an a^-ary abstraction. 

Contexts An {ai, . . . ,an)-ary context has the form xi : Ki, . . . ,Xn : Kn, 
where each Xi is an a^-ary variable and Ki an a^-ary kind, with the XiS 
all distinct. 

Kinds An a-ary kind has the form (A)Type or (A)El(Af), where A is an 
a-ary context and M an object. 

In an abstraction [xi : Ki, . . . , x„ : Kn]M or a kind (a;i : Ki, . . . ,Xn : Kn)T, 
each variable Xi is bound wherever it occurs in Ki+i, Ki+2, ■ ■ ■ , Kn, and M. 
We identify all these expressions up to a-conversion. 

The rj-long form of a symbol in TFk must be defined with reference to some 
kind. For z an a-ary variable or constant and K an a-ary kind, we define the 



^The 'k' here stands for 'kind', as we include the kind labels in abstractions. This system 
was named TFc in Adams 0|, the 'c' standing for 'Church'. I have decided to abandon this 
name, as 'c' could just as well stand for 'Curry' ! 
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a-ary abstraction 2;^, the 77-long form of z considered as being of kind K^ by 
recursion on a as follows. 



[xi : Ki,.. .,a;„ : K.a]z[x^ 



Z — Xl._f\l,..., Xfi . J\ri\Z\X-\ , . . . , X, 



The definitions of instantiation and employment in TFk are very similar to 
those in TF. 

{F/x}z[Gi, . . . , G„] = z\{F/x]Gi, ..., {F/x}G„] (z ^ x) 

liF=[h ■.Ki,...,ta:K„]M, 

{F/x}x[Gi,...,G„] = {{F/x}Gi/ii} • • • {{^/x}G„A„}M 
{[x:K]F)*G = {G/x}F 

As in TF, there are three primitive judgement forms in TF^: 

r valid Th M :T T h M =^ N : T 

where F is a context, M and N objects and T a base kind. 

We define the judgement forms T \\- K kind, F Ih K = iC' and F Ih A = A' 
just as we did for TF. 

The judgement form T \\- F : K, where F is an a-ary abstraction and K an 
a-ary kind, is defined as follows. 

(F Ih [A]M : (A')r) = (F Ih A' = A) U {F, A' h M : T} . 

The judgement form T \h F ^ G : K, where F and G are a-ary abstractions 
and K an a-ary kind, is defined as follows. 

(F Ih [Ai]M =. [A2]N : (A3)r) 

= (F Ih A3 = Ai) U (F Ih A3 = A2) U {F, A3 h M = iV : T} 

The judgement form F Ih _F :: A, where F is an a-ary abstraction sequence and 
A an a-ary context, is defined by recursion on a as follows. 

(Flh ()::()) = {F valid} 

(FlhF,Fo :: A,a; :ii') = (F Ih ^ :: A) 

U(F Ih Fo : {F/A}K) 

The judgement form F Ih F = G :: A, where F and G are a-ary abstraction 
sequences and A an a-ary context, is defined by recursion on a as follows. 

(Flh () = ()::()) ^ {F valid} 

(FlhF,Fo = G,Go :: A,x:i^) = (F Ih F = G :: A) 

U(F Ih Fo = Go : {F/A}K) 
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Rules of Deduction. The rules of deduction of TFk look exactly the same as 
those of TF, as given in Fig. [T] The rules (ctxt), (var) and (var_eq) of course 
use the new definitions of the defined judgement forms T \\- K kind, F Ih F :: A 
and F Ih F = G :: A. 

Object theories are declared in TF^ in the same way as in TF: we make a 
number of constant declarations c : (A)r, which has the effect of introducing the 
rules (const) and (const.eq), and equation declarations (A)(M = N -.T), which 
has the effect of introducing the rule (eq) , as given in Section 12.6.11 Again, in 
TFk these rules use the new definitions of the defined judgement forms. 

Metatheory. All the properties of TF we proved in Section [3] hold in TF^ too. 
The proofs follow the same pattern; we have indicated in Appendix [X] the places 
where the details differ. 

4-2. Translations between TF and TF^ 

The systems TF and TFk are equivalent, in the following sense. Given any 
derivable judgement in TFk, erasing the kind labels on variables gives a derivable 
judgement in TF. Conversely, given any derivable judgement in TF, there is a 
way of filling in the kind labels on the variables to yield a derivable judgement 
in TF; further, the choice of kind labels is unique up to equality in TFk. 

This fact is very convenient when working with lambda-free logical frame- 
works, as it allows us to switch between TF and TFk more or less at will, 
effectively treating them as if they were the same system. 

In this section, we shall formally establish the equivalence of TF and TFk 
by defining translations between the two. 

The translation from TFk to TF consists simply of erasing the kind labels: 

Definition4.1. For every entity (object, abstraction, abstraction sequence, kind, 
context, or judgement) X in TFk, let \X\ denote the entity obtained by erasing 
the kind labels on the bound variables in abstractions. 

Given a type theory specification T in TFk, let |T| denote the type theory 
specification in TF formed by erasing the kind labels on the bound variables in 
abstractions within the declarations of T. 

It is straightforward to show that this translation is sound: 

Theorem 4.2 Let T be a type theory specification in TFk, ond let J be a 
judgement that is derivable under T . Then \J\ is a derivable judgement in TF 
under the type theory specification \T\. 

Proof. The proof consists of observing that the image of a primitive rule of 
deduction in TFk under | | is a primitive rule of deduction in TF, and the image 
of any of the rules introduced by T under | | is a rule introduced by |T|. 
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Defining the translation in the other direction is harder. We shall define the 
translation '£' from TF to TFk, which fills in the kind labels on the bound vari- 
ables. Whenever we encounter an object of the form x[- ■ ■ , [j/i, . . . , yn]M, ■ ■ ■], 
we discover the kinds oi yi, . . . , j/„ by looking up the kind of x in the current 
context. Similarly, we handle objects of the form c[- • •] by looking up the kind 
of c in the specification. 

Let us say that an object, abstraction or abstraction sequence X in TF is 
defined relative to the specification T and context F if and only if every constant 
that occurs in X is declared in T, and every free variable in X is declared in 
F. Let us also say that a context A = a:;i : Ki, . . . ,a;„ : Kn is defined relative 
to F and T if and only if, for each i, Ki is defined relative to the context 
F, xi : Ki, . . . , Xi-i : Ki^i and T. Let us say that a judgement F h J is defined 
relative to T if and only if F is defined relative to T, every constant that occurs 
in J is declared in T, and every free variable in J is declared in F. 

Let us say that the specification T is consistent if and only if: 

• for each constant declaration c : K, the kind K is defined relative to the 
empty context and T; 



• 



for each equation declaration (A)(M ^ N : T), the context A is defined 
relative to T, and M, N and T are defined relative to A and T. 



Now, given a consistent specification T in TF, we shall define the following. 

• For every context F defined relative to T, and every object M defined 
relative to T and F, an object Cr{M) in TFk- 

• For every abstraction F and kind K of the same arity defined relative to 
F and T, an abstraction £^ (F) in TFk. We think of K as the intended 
kind of F. 

• For every abstraction sequence F and context A of the same arity defined 
relative to F and T, an abstraction sequence £p (i^) in TFk. Wc think of 
A as giving the intended kinds of the abstractions F. 

• For every kind K defined relative to F and T, a kind Cr(K) in TFk- 

• For every context F defined relative to T, a context £(F) in TFk. 

• For every judgement J defined relative to T, a judgement C{J) in TFk. 
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The definition is as follows. 



Cr{cF) 


= 


c[/:^(F)] (c : (A)T declared in T) 


Cv{xF) 


= 


a;[/:^(F)] (x : (A)r declared in V) 


Cl{M) 


= 


Ct{M) 


4"^^)^'([x]F) 


= 


[x : Ct{K)]C^[,,k{F) 


4^(0) 


EE 





4'^^^(i?,G) 


= 


4(F),4^/^>^(G) 


/:r(Type) 


^ 


Type 


/:r(El(M)) 


= 


El(/:r(M)) 


Cr{{x : K)K') 


= 


(x : /:rW)/:r,x:K(i^') 


m) 


= 





C{T,x:K) 


= 


C{V),Cr{K) 



£(r valid) = /:(r) valid 

CiVrM-.T) = C{T)'r Ct{M):Ct{T) 

C{r^M^N:T) = C(r)^ Cr{M)=Cr{N): Cr{T) 

Given a consistent specification S in TF, let C{S) be the following type 
theory specification in TF^. 

• For every constant declaration c : ii' in 5, declare c : C/\{K). 

• For every equation declaration (A)(M — N : T) in S, declare 

(/:(A))(£a(M) = CAiN) : Ca{T)). 

We can show that this translation is sound after proving a number of lemmas. 

Lemma 4.3 IJ M is defined relative to both F and A, and F and A agree on 
every free variable in M, then Cr{M) = Ca{M). In particular, if M is defined 
relative to F and F C A, then Cr{M) = C\{M). 

Proof. An easy induction on M . 
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Lemma 4.4 For each of the following equations, if the left-hand side is defined 
then so is the right-hand side, in which case the two are 



{C^{F)/x}£r..:K.A{X) = Cr^{F/.}A{{F/x}X) 



where X is an object, kind or context. 

Proof. The five equations are proved simultaneously by a double induction 
on the arity of K, then the size of X, G or G. We give the calculation for 
one case, the case where X is an object of the form xG. Let K = (B)T and 
F= [dome]7V. 

{C{F)lx}C{xG) ^ C{F).{C{F)/x}C{G) 

= C{F)*C{{F/x]G) (i.h. onX) 

^ {C{{Flx}G)/Q}C{N) 

= Ci{{F/x}G/e}N) (i.h. on arity) 

= C{{F/x}xG) 

The following lemma shows how we can change the subscript and superscript 
on an abstraction C^{F). Roughly, it can be read as: if C(r) = £(r') and 
C{K) = C{K'), then C^{F) = C^'{F). 

Lemma 4.5 The following rule of deduction is admissible in TF^- 

C^^ir)\^C^iF):Cr{K) 



C(){T)\^L^{F)=C^:{F):Cv{K) 
Proof. We prove that this rule and the following two are admissible. 

C(){V)hCr{M):Cr{T) 



ih/:o(r)^£o(r) (7) 

/:()(r)ih/:r(Af)-/:r'(Af):/:r(r) 

ih/:o(r,e) = /:o(r,90 



C^){T)hC'?{F)^C^,{F)::Cr{Q) 

The three rules are proved admissible simultaneously by induction on the 
size of Cy{F), Cr{M) and CfiF). We give here the details for the case for ([7]) 
where M has the form xF . 
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Let X have kind {Q)S in T and (Q')S' in T' . We are given that 
£(r) h /:r(Af) : /:(r). Therefore, by Generation, 

C{V) Ih d^{F) :: £(6) /:(r) Ih {Cf {F) / <d} C{S) = C{T) . 

The induction hypothesis gives 

C{V) Ih Cf{F) ^ Cf'{F) :: £(9) . 

and the desired result follows by (var_eq) and (conv_eq). 

Lemma 4.6 Let T be an n-good declaration in TFk- The following rules of 
deduction are admissible in TF^. 

C{T\h F::Q) 
(£_seq) 



(£_seqeq) 



C{T \h F = G :: e) 

/:o(r)ih/:F(^) = 4'(G)::£r(e) 

where T, F , G and Q are of order < n. 

Proof. We first prove the following two rules are admissible. 

£(r \h F:K) 



(£_abs) 



£o(r)lh£f(i^):£r(if) 
C{r\h F = G: K) 



(/:.abseq) ^^^^^^ 1^ ^^^^^ ^ ^^^^^ ^ ^^^^^ 

For the first of these rules, \i K = {Q)T and F = [domOjM, then the premise 
is £(r),£(e) h C{M) : C(T), and the conclusion is 

{C{T) Ih £(9) = £(9)) U {£(r),£(9) h £(M) : C{T)} 

which follows using Context Validity and (rcf ) . The proof for the second rule is 
similar. 

The rules (£_seq) and (£_seqcq) are each proved admissible by induction on 
the length of F. We give the details for the rule (£_seqcq) where the length 
of F is greater than 0. Suppose now that F = Fq^Fi, G = Go,Gi; and 9 = 
9o,a; : Ki. The premises arc 

£(r Ih Fo = Go ■■■■ 9o) U £(r Ih Fi = d : {Fo/9o}i^i) 

and the conclusion is 

(£(r)lh£(Fo)-£(Go)::/:(9)) 
U (£(r) Ih cf^^'^^'^'^'iFi) - cf"/'^"^'''(Gi) : £r({/o/9o}i^i) • 
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This follows, using the induction hypothesis, the rule (£_abseq) and Lemma H751 
once we have shown 

£(r) ih c{{Fa/Qa}K{) = /:({Go/eo}i^i) . 

By Lemma [4.41 this is 

C{T) Ih {£(Fo)/eo}/:(i^i) = {C{Go)/Qo}C{Ki) 

which is obtainable using Functionality. 

Theorem 4.7 Let S he an orderahle n-good type theory specification in TF in 
which every declaration has order < n. Assume we have declared S in TF and 
C{S) in TFk- Then, for every judgement J derivable in TF with context of 
order < n, the judgement C{J) is derivable in TFk- 

Proof. Let -< be the given order on S. For each declaration 6 in S, let Ss be the 
set of declarations S' such that S' -< S. We prove the following simultaneously 
by ^-induction on 5: 

1. C{Ss) is an orderable n-good specification in TFj^. 

2. If J is derivable in TF under Ss, and J has context of order < n, then C{J) 
is derivable under C{Ss) in TFk. 

The proof of 2 is by a straightforward induction on the derivation of J. The 
cases (var), (const), (eq) all make use of the first rule in Lemma [4.61 the cases 
(var_eq) and (const_eq) make use of the second rule in that lemma. 

Thus, our translations between TF and TFk are sound. It is also easy to 
show that the mapping | | is an exact left inverse to C: 

Theorem 4.8 

\Cr{X)\^X \C^iF)\^F \£Hf)\^F 

where X is an object, kind or context. 

Proof. An easy induction on X, F and F. 

The mapping C is not a left inverse to | | up to syntactic identity. For 
example, 

4"T^pl"l:Se,C:Type(l[^ : El(S)]x|) ^ [x : El{A)]x . 

However, on the well-typed objects, abstractions and kinds, £ is a left inverse 
to I I up to eguality in TF^, in the following sense. 
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Theorem 4.9 Let T be an n-good declaration in TF^, and T , F , K , A have 
order < n. 

1. IfTh M -.T then T h M = C\t\{\M\) : T. 

2. IfTh F -.K then T\V F = d'^!^{\F\) : K. 

3. //r Ih F :: A then T Ih F = c\P^{\F\) :: A. 

4. IfTh K kind i/ien T Ih X = C\t\{\K\). 

5. //r,A valid i/ienrih A==/:|r|(|A|). 

Proof. Let 1{X) denote the length of an expression X. The five parts are 
proven simultaneously by induction on 1{V) + 1{M), 1{V) + 1{F), 1{T) + 1{F), 
1{T) + 1{K), and /(F) + /(A). We give here the details of the first two parts. 

1. Suppose M = xF, where x : (6)5 G F. By Generation, 





FlhF 


::e. 


F Ih {F/e 


}S = T . 




Therefore, 












F Ih 


F^c\fl{\F\) ::e 




(i.h.) 




.-.F h 


xF = X 


^lri'(l^l) 


: {F/Q}S 


(var_eq) 




.-.F h 


xF = X 


^^lri'(l^l)^ 


: T 


(conv_eq) 



The case M = cF is similar. 
2. Let K = (e)T and F = [<d']M. We are given that 

FIhe = e', F,eh A/ :T . 

We must show that F Ih [Q']M = [/:|r|(|e|)]£|r|,|e|(|M|) : {Q)T. The 
induction hypothesis gives us that F, 8 h M = £|r|je|(l-^l) ■ T; it remains 
to show 

F Ih e = e' . 

The induction hypothesis gives us that F Ih O' ~ £|p|(|0'|); and F Ih 8 = 
£|r|(|8|); it is thus sufficient to show 

Flh£|r|(|e|) = /:|r|(|e'|) . 

Well, 

le'i 



Ih 



TF 



lei 



C^m) IhTF C\r\{\Q 



Ih 



TF 



F 



-0 



(Theorem 112]) 
= £|r|(|e'|) (Theoremim 
|F|) (i.h.) 



and the result follows by Context Conversion. 
Parts 3-5 are proven similarly. 

We have thus established sound translations | | and C between TF and TFk 
which are inverses of one another up to the appropriate notion of equality. 
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LF 




TF 



Figure 2: Translations between Logical Frameworks 



5. Embedding TF in LF 

Lambda-free frameworks can often be embedded within existing traditional 
logical frameworks; that is, given a traditional logical framework F, we can often 
construct a lambda-free framework (its core) that is, in some sense, isomorphic 
to a subsystem of F . More precisely, we can construct a lambda-free framework 
L and define translations 

NF : F ^ L, lift : L ^ f . 

These translations are sound, and NF is a left inverse to 'lift' up to identity 
(a-conversion) . That is, we have the following properties: 

1. For every derivable judgement J in L, lift (J) is derivable in F. 

2. For every derivable judgement J in F, NF(J) is derivable in L. 

3. For every typable expression X in L, NF(lift(X)) = X. 

In many cases (particularly when F allows 77-conversion) we have in addition 
that NF is a right inverse to lift up to the equality judgements of F: 

4. For every typable expression X in F, the equality lift(NF(X)) = X is 
derivable in F . 

We can think of F as picking out, from each equivalence class of the expressions 
of F modulo /377-convertibility, a unique representative: the /3-normal, 77-long 
form. 

Establishing the above properties of the translations is not easy; it usually 
involves proving fairly strong properties of L and F. However, once this one- 
time cost has been paid, we can then use the translations to prove various 
properties of F more easily. It is often the case that it is easier to establish a 
given metatheoretic property for L than for F . Once it has been proven to hold 
in L, the result can then be 'lifted' to F; that is, we can derive the corresponding 
result for F using the properties of the translations. 

In this section, we shall show how TF can be embedded in this fashion 
within the framework LF introduced in :G| , a Church-typed version of Martin- 
Lof 's logical framework. It will prove to be very advantageous that we have two 
different versions of TF; we shall define translations from TFk to LF, and from 
LF to TF, as shown in Figure [2l 
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5.1. The Framework \jF 

The framework LF [6| is a Church-typed version of Martin-Lof's logical 
frameworlo. LF deals with objects and kinds, given by the following grammar; 

Kind K ::= Type | El (fc) | {x : K)K 

Object k ::= x\ c\ [x : K]k \ kk 

where x is a variable and c a constant. There are five judgement forms in LF: 

• F valid, which denotes that F is a valid context; 

• F h X kind, which denotes that i^ is a kind under F; 

• r h k : K, which denotes that k is an object of kind K under F; 

• r \- k = k' : K, which denotes that k and k' are equal objects of kind K 
under F; 

• r h K — K' , which denotes that K and K' are equal kinds under F. 

A type theory is specified in LF by giving a set of constant declarations c : K, 
and a set of computation rules 

k — k' : K ioi ki : Ki , . . . , A:„ : Kn . 

We shall make use of the following abbreviations when working with LF. Let 
A be the context xi : Ki, . . . ,Xn '■ Kn, and A' the context xi : K'l, . . . , a;„ : K'^. 
We shall write F Ih A = A' for the n judgements 

r h K^^K[, 

r,xi:K, h K2^K'^, 

T,xi: Ki,...,Xn-i: Kn^i h K^ ^ K'„ 
and we shall write F Ih (fci, . . . , A:„) :: A for the n judgements 
T\-ki:Ki, T\- k2 ■.[ki/xi]K2, ..., F h fc„ : [fci/xi, . . . , fc„_i/x„_i]i^„ . 

For the rules of deduction of LF, and how LF may be used to specify various 
object theories, we refer to Luo 6]. 

We note that, as with TF, the judgements of the object theory are repre- 
sented by the LF-judgements of the form 

xi :El(Ai),...,x„:El(A„) h k:El{B) 

xi :El(Ai),...,x„ :E1(A„) h fc = fc':El(B) 

and these are judgements with first-order contexts. 

We shall make use of the fact that LF satisfies Subject Reduction: 

If F h fc : iv: and fc ^^^ fc', then Thk = k' : K. 



•^The framework here called LF should not bo confused with the Edinburgh Logical Frame- 
work 21 , which is also often referred to as LF. 
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5. 2. Translation from TF^ to LF 

We shall now define our translations between LF and the two versions of TF. 
The mapping from TFk to LF, which we shall call 'lift', is almost trivial. We 
map objects and abstractions to objects, kinds to kinds, contexts to contexts 
and judgements to judgements as follows. 



lift(x[Fi,...,F„ 
lift([A]M) 



= xlift(Fi)---lift(K) 
= [lift(A)]lift(M) 



lift (Type) 
lift(El(M)) 
lift((x : K)K') 



= Type 

= El (lift (M)) 

= (x : lift(i\:))lift(ii") 



lift(xi : Ki,. ..,Xn: Kn) 



XI ■.mt{Ki),...,Xn:\iit{Kn) 



lift(r valid) 
lift(r h M -.T) 
lift(r h M = N -.T) 



= lift(r) vahd 

= lift(r) h lift(M) : lift(r) 

= lift(r) h lift(M) = lift (TV) : lift(T) 



It is relatively straightforward to establish that this translation is sound. 

Lemma 5.1 

[lift (F)/x] lift (iV) -^a mt{{F/x}N) 

Proof. The proof is by a double induction on the arity of F and x, then on 
the object N. We give here the details for the case TV = xG. Let F = [A] P. 



[lift(i^)/x]xlift(G) = 



lift (F) [lift (i^)/x] lift (G) 
([lift(A)]lift(P))[lift(i^)/x]lift(G) 
[ [lift (F) /x] hft (G) / A] Uft (P) 
[lift({P/a;}G)/A]lift(P) (i.h. 

lift({{F/x}G/A}P) (i.h. 

mt{{F/x}N) 
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Theorem 5.2 Suppose we have declared a type theory T in TFk, and the cor- 
responding theory lift(r) in LF. If J is a derivable judgement in TFk, then 
lift(i/) is derivable in LF. 

Proof. We first prove that the following rules of deduction are admissible in 

LF: 

liftfP h F -.K) 
(lift.abs) ■ 



(lift_abseq) 
(lift_seq) 
(lift_seqeq) 



lift(r) h lift(F) : lift(X) 
lift(r h F^G:K) 
lift(r) h lift(F) = lift(G) : lift(ii:) 
lift(rih^::A) lift(r, A valid) 
lift(r) Ih lift(F) :: lift(A) 
lift(r Ih F := G :: A) lift(r, A valid) 
lift(r) Ih lift(F) = lift(G) :: lift(A) 



The proof for (lift_seq) is by induction on the length of F. 

If the length is 0, both hypothesis and conclusion are that lift(r) is valid. 

Suppose F is of length n + 1, and the result holds for abstraction sequences 
of length n. Let F = Fq,Fi; and A = Ao,a: : Ki. We are given that lift(r Ih 
Fq :: Ao) is derivable, hence so is lift(r) Ih lift(i^o) :: lift(Ao) by the induction 
hypothesis. We also have 

lift(r) h lift(Fi) : lift({Fo/Ao}Xi) 

by part 1 and 

lift (F), lift (Ao) h lift(/fi) kind 

by Kind Validity in LF. This yields 

lift(F) h [lift(Fo)/Ao]lift(Xi) kind (substitution) 

.-. lift(r) h [lift(Fo)/Ao]lift(Xi) = lift({Fo/Ao}ifi) 

(Subject Reduction, Lemma [?7T|) 
.■.lift(r) h lift(i^i) : [lift(Fo)/Ao]lift(i\:i) (conv) 

as required. 

The proof for (lift_seqeq) is similar, and the proofs for (lift_abs) and (lift_seq) 
are simple. The theorem now follows by induction on the derivation of J^ . 
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5.3. Translation from LF to TF 

The translation from LF to TF is more difficult to construct. It consists of 
reducing every entity of LF to its /3-normal, 77-long form. 

We must first assign arities to the entities of LF, to guide us during 77- 
expansion. We assign an arity to every kind of LF as follows: 

Ar(Type) = 

Ar(El(A:)) = 

At{{x : Ki)K2) = (Ar(Xi)rAr(if2) 

We now define an arity Arr(A:) to some LF-contexts F and LF-objects k as 
follows: 

• If a; : _ftr is an entry in F, then Arr(a;) = Ar(_ftr). 

• If c has been declared with arity K, then Arr(c) = Ar{K). 

• li Air ^x:K{k) is defined, then Arr([a; : K]k) = {AT{K)yATr^x:K{k). 

• If Arr(fc) and Arr(fc') is defined, and Arr(fc) has the form 

Arr(fc) = (Arr(fc')r/3 

then Arr(fcfc') = (3. 

We shall say that an object k is well-aritied if Arr(fc) is defined. We shall only 
be able to map well-aritied objects into TF. We can prove immediately that 
every object typablc in LF is well-aritied. 

Proposition 5.3 In LF, 

1. ifThk: K then Arr(fc) = Ar(i^); 

2. ifThk = k' : K then Arr(fc) = Arr(fc') = At{K); 

3. ifVh K ^ K' then At{K) = Ar{K'). 

Proof. The three statements are proven simultaneously by induction on the 
derivation of the premise. We need to make use of the following two auxiliary 
facts, which are easy to prove: 

1. Aj:{[k/x]K) = AriK) 

2. If Arr(fc) = Ar{K) and Ar-p x-K{k') is defined, then we have 
ATri[k/x]k') = ATr,.:K{k/). 

Given an object k such that Arr(fc) = a, we define the a-ary abstraction 
NFr(fc) in TF as follows. 



r{x) 


= a;" 


'r(c) 


EE c" 


r{[x:K]k) 


= [x]mr,cc:K{k) 


'r(fcfc') 


= NFr(fc)»NFr(fc') 



where, in the first two clauses, x has arity Arr(a;) and c has arity Arr(c). In 
the third clause, x has arity Arr(i^). 
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We extend the mapping NF to kinds, contexts and judgements as follows. 



NFr(Type) 

NFr(El(fc)) 
NFr((x : K)K') 



= Type 

= El(NFr(fc)) 

= {x : NFr(i^))NFr,.:K(i^') 



NFr(()) 
NFr{A,x:K) 




NFr(A),a;:NFr,A(iir) 



NF(r valid) 
NF(r h i^ kind) 
NF(r ^ K^K') 
NF(r h k:K) 



= {NF()(r) valid} 

= (NF()(r) Ih NFr(ii') kind) 

= (NF()(r) Ih NFr(ii') = NFr(-ft:')) 

= (NF()(r) Ih NFr(fc) : NFr(-f(:)) 



NF{T h k = k' : K) = (NF()(r) IhNFr(fc) = NFr(fc') : NFr(i^)) 

Given a type theory specification T in LF, we define the type theory specification 
NF(r) in TF as follows. 

• For each declaration c : K inT, the declaration c : NF()(ii') is in NF(T). 

• For each declaration (A)(fc = k' : K) in T, the declaration 

(NF()(A))(NFA(fc) == NFA(fc') : NFaC^^)) is in NF(r). 

The following results ensure that this translation is well-behaved and sound. 



Theorem 5.4 

f. Let Aj[{K) = a. IfNFr{K) is defined, then it is an a-ary kind. 

2. Let F C A. IfNFriX) is defined, then NFa(^) is defined, and 

NFa(X) s NFr(X) . 

3. Suppose Arr(fc) = At{K). Let X be an LF-object, kind or context. If 
NFr(fc) andNFr.x:K,A{X) are defined, thenNFY,[k/x]A{[k/x]X) is defined, 
and 

^Fr.[kMA{[k/x]X) = {NFr{k)/x}NFr,x:KMX) • 

4. Let T be a type-theory specification in LF, and suppose NF(T) is an n-good 
specification in TF. If the judgement J is derivable in LF and has context 
of order < n, then NF(J') is defined and derivable in TF. 



30 



Proof. The first three parts are easily proven by an induction on K and X 
respectively. 

The fourth part is proven by induction on the derivation of J . Most cases 
are straightforward, making use of the results proven in Section [31 We give here 
the details for the rule (beta). 

T^x-.K'rk'-.K' Thk-.K 
(beta) 



r h ([a; : K]k')k ^ [k/x]k' : [k/x\K' 
By the induction hypothesis, 

NFo(r),x:NFr(i^) Ih NFr,.:K(fc') : NFr,,.^(ir'); 
NF()(r) Ih NFr(fc) : NFr(A') . 

Now, 

^Yr{{[x : K]k')k) = ([x]NFr,x:K(fc')) • NFr(fc) 
= {NFr(fc)/x}NFr..:i^(fc') 
= NFr([fc/a;]fc') (part 3) 

The Cut rule and (ref) give us 

NF()(r) Ih {NFr(A:)/x}NFr^x:K(fc') = {NFr(A:)/x}NFr.x:K(fc') 
: {NFr(A:)/x}NFr^x:K(if') 

and, by part 3, this is the same judgement as 

NF()(r) Ih NFr(([x : K]k')k) ^ NFr([fc/a;]fc') : NFri[k/x]K') . 

The translations we have established between our three systems are shown 
in Figure [3 The triangles in this diagram commute in the sense given by the 
following theorem. 

Theorem 5.5 Let T be a type theory specification in LF, and suppose NF(T) 
is an orderable n-good type theory specification in TF. 

1. IfThk:K mLF, then 

rhA: = lift(4^;(^;(NFr(fc))):X . 

Similar results hold for kinds and contexts. 

2. IfTh M -.T in TF, then 

Mee NFiift(£<,(r))(lift(/:r(M))) . 
Similar results hold for kinds and contexts. 
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3. IfTh M -.T mTFk, then 

r h M = /:NFo(iift(r))(NFiift(r)(lift(M))) : T . 

Similar results hold for kinds and contexts. 

Proof. 
1. We prove the statement: 

If r h fc : if and Ih r = A in LF, then 

rhfc=.hft(4^;(^;(NFA(fc))):if . 

We prove the statements simultaneously with similar statements for kinds 
and contexts by induction on size. We give here the details for the case 
where k is an abstraction. 
Let k = [x : Kolk' , and K = {x : Ki)K2. By Generation, we have 

Th Ko^Ki, r,x:Kihk':K2. 

Now, 

,NFr(-R:) 



lifH^NFo(r)(NFA(fc)) 

= l™(^'^NFo(r) [[x\^F A,x:Ko[k )) j 

^ lift {[x : /:NF„(r)(NFr(ifi))]C;'(i^-S(NFA,.:K„(fc')) 

s [x : lift(£NF„(r)(NFr(ifi)))]lift {cZ'^^^r^S^^ i^F^.=^--Koik')) 

Now, the induction hypothesis gives the two judgements 

r h lift(/:NF„(r)(NFr(ifi)))-ifi 

r,x:K^ h hft (/:NF;'(r"x:S (NFa,.:Ko (fc'))) ^k':K2 

from which the result follows. 
2. The proof is by induction on the object M. Let M = z[F], and let z have 
kind (A)T relative to F. Then 

NFuft(£<^(r))(lift(/:r(M))) ^ NFuft(£„(r))(lift(z[/:^(i?)])) 

^ NFuft(£„(r))(z[lift(4(i?))]) 

^ z''.NFiift(£„(r))(lift(/:^(i?))) 

^ z[NFMt(£„(r))(lift(/:^(i?)))] 

^ ^[F] (i.h.) 
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3. The proof is by induction on the object M. Let M = x[F], and let 

r = ri,a;:(A)5,r2 . 

Then 

^NF„(iift(r))(NFiift(r)(lift(M))) 

= /:NF„(iift(r))(NFMt(r)(a;lift(^))) 
= /:NFo(iift(r))(a:'' • NFiift(r)(lift(F))) 
= /:NFo(iift(r))(a;[NFuft(r)(lift(F))]) 

>NF„ft(ri)(lift(A)), n•-f^-^^^^^' 

^NFo(uft(r)) (NFuft(r)(hft(F))) 

/,NF„ft(r)(lift(A)), {Kft-(p\\\ 

'^NFo(iift(r)) (W^iift(r)Uitt(^))) 

Now, by Generation, F Ih ^ :: A and F Ih {F/A}S = T. Hence, the 
induction hypothesis gives 

r 11 p _ /.NF„ft(r)(lift(A)) , , -,, _^ 

from which the result follows. 

5.4- Lifting Results 

Suppose we wish to establish a property of a framework, or of an object 
theory in a traditional framework F . It is often the case that the property 
is more easily proven for a lambda-free framework L. The result can then be 
'lifted' to F; that is, we can derive the result for F easily from L, together with 
the properties of the translations between L and F. 

In Luo and Adams [13|, we were working with a type theory declared in 
LF: an extension of the type theory UTT [y] with some new reduction rules. It 
was found to be necessary to prove that type constructors are injective; that is, 
whenever T : {K)Type and TA^TB, then A = B. We were not able to find 
a way to prove this result in LF directly; the obvious method requires using the 
Church-Rosser property for the new reduction relation, which is not known to 
hold. However, the corresponding result in TF is almost trivial, and so we made 
use of this fact and lifted the result from TF to LF. As an illustration of the 
process of lifting results, we repeat the details here. 
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We seek to prove: 

Theorem 5.6 (Injectivity of Type Constructors) Let S be a type theory 
specification in LF that has the property: for every equation declaration 
(A) (A/ = N : T) in S, T has the form El (A) (that is, there are no equation 
declarations of the form (A)(Af — N : Type)j. Further, suppose NF(iS) is an 
orderable n-good specification in TF. Let c : (0)Type he a constant declaration 
in S. Then the following rule of deduction is admissible: 

r h ci" = ci? : Type 

rih A = B ::e 

where V has order < n. 

The corresponding result for TF is fairly easy to prove: 

Theorem 5.7 Let S be a type theory specification in TF that has the property: 
for every equation declaration (A)(Af — N :T) in S, T has the form El (A). 
Let c : (0)Type be a constant declaration in S. Then the following rule of 
deduction is admissible: 

r h cF = cG : Type 

rihi? = G::e 

Proof. We shall prove the following statement. 

If r h cF = X : Type or T h X = cF : Type is derivable, then X 
has the form cG, and T Ih F = G :: 6. 

The proof is by induction on the derivation of the premise. Note that the last 
step in this derivation cannot be the use of an equation from S. All cases are 
straightforward . 

The result can now be 'lifted' to LF. We omit the sub- and superscripts on 
NF and C in the following proof. 

Proof of Theorem 15.61 Let S satisfy the hypotheses of the theorem. Suppose 
r h cA = cS : Type is derivable in LF under S. By Theorem 15.41 

NF(r) h cNF(i*) = cNF(B) : Type 

is derivable in TF under NF(iS). We note also that NF(5) satisfies the hypothe- 
ses of Theorem [5l7l Therefore, 

NF(r) Wtf NF(i*) ^ NF(i3) :: NF(e) (Theorem [531) 

.-. £(NF(r)) IhTF 'C(NF(i*)) = C{^¥{B)) :: /:(NF(e)) (Theorem EH) 

.-. lift(/;(NF(r))) IhiF lift(/:(NF(i*))) = lift(£(NF(B))) :: lift(/:(NF(e))) 

(Theorem [5J]) 
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We also have, by Theorem 15.51 

\^LF r = hft(/:(NF(r))) 

r hLF A = \iii{C{^¥{A)))::Q 
r Wlf B = \iii{C{^Y{B)))::Q 

r ihLF e = uft(£(NF(e))) 

It follows that 

T\^LF A^B::Q 

as required. 

In contrast, the author has been unable to find a direct proof of this result 
inLF. 

Here is a second example of how a result may be lifted from TF to LF. Let 
T be a type theory specification in LF. Roughly, we shall show that, if NF(T) 
is strongly normalising in TF, then T is strongly normalising in LF. 

More strictly, assume we have declared T in LF and NF(T) in TF. Suppose 
NF(T) is orderable and 1-good. Let -^r be a reduction relation on the objects of 
LF, and let ^Ftfiri be the union of — >jj and framework-level (3- and 77-reduction: 







{[x 


■.K]k)k' ^p 


[k'/x]k 






[x : 


K]kx — >,, 


k . 


Define the relation \> 


on 


the objects of TF ag 


i follows 



M\>N if and only if there exist LF-objects a, b such that NF(a) — M, 
NF(6) = N, and M -^r N. 

Then we have 

Theorem 5.8 Suppose that every object typable in TF is strongly 
> -normalising. Then every object typable in LF is strongly -^jif^j^ -normalising. 

Proof. Suppose F I- a : yl and 

a -^R0rj 0,1 —*B.lir) ^2 ~* RpTj ' ' ' (8) 

is an infinite — ^^-reduction sequence starting with a. Then NF(r) h^F NF(a) : 
NF(A), so NF(a) is strongly l>-normalisable. 

Now, if a„ -^R a„+i, then NF(a„) l> NF(a„_)-i); and if a„ -^f3-q fln+i, then 
NF(a„) = NF(a„+i). So we have 

NF(a) \> NF(ai) \> NF(a2) > • • • . 

This sequence cannot contain an infinite number of [>-reductions; therefore, 
there must be some n such that 

NF(a„) = NF(a„+i) = NF(a„+2) = • ■ • 
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and hence 

On ~^/3>7 fln+l ~*/3)) 0,n+2 ~^/3ri • ' ' • 

This contradicts the fact that LF is strongly —^^^-norniahsing. 

It is often easier to prove that NF(T) is strongly O -normalising than that 
T is strongly — >/j^r(-nornialising, because we do not have to consider how — >/{ 
and framework- level (3- and 77-reduction interact. 

We have made use in this proof of the fact that LF is strongly /Jiy- normalising 
under an arbitrary type theory specification. This is not difficult to prove, but, 
to the best of the author's knowledge, a proof has not yet been published, and 
so we present one in Appendix [Cl 

6. Related Work 

Several lambda-free logical frameworks have appeared, independently, since 
the publication of Adams {5;] . 

6.1. The Canonical Logical Framework 

The Canonical Logical Framework (Canonical LF) [T], |8| is a subsystem of 
the Edinburgh Logical Framework (ELF) that deals only with objects in (3- 
normal, 77-long forms. This framework uses an operation of hereditary substitu- 
tion [M/x]™N which behaves similarly to TF's instantiation. Their operation 
must be given a simple type a, which plays a similar role to the arity in TF. 

The Canonical LF is essentially the same system as the following subsystem 
of TFk. Let us say that a product kind (xi : Ki, . . . ,Xn '■ Kn)T is small iff 
the symbol Type does not occur in it, and large otherwise. We impose the 
following restrictions on TF: 

• every variable that appears in a judgement or constant declaration must 
have a small kind; 

• no equation declarations may be made. 

This subsystem was the system named SPar((jj)^ in [5]. We can prove that 
TFk is conservative over this subsystem in a very strong sense: 

Theorem 6.1 Let T be a type theory specification containing no equation dec- 
larations, such that every variable in a constant declaration has a small kind. 
Let J^ be a judgement in which every variable has a small kind. If J is deriv- 
able in TFk under T , then J is derivable under T in SPar(cij)^. In fact, every 
derivation of J in TFk is a derivation of J in SPar(w)^. 
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Canonical LF SPar(ijj)~ 

Kinds Product kinds of the form (A)Type 

Canonical Type Families Product kinds of the form (A)E1 {A) 
Atomic Type Families Objects of kind Type 

Canonical Terms Abstractions of small kind 

Atomic Terms Objects of small kind 

Table 1: Correspondence between the syntactic categories of Canonical LF and SPar(ti;) 



Proof. By inspection of the rules of TFj^, we see the following two facts. 

1. If a variable of large kind occurs in a derivable judgement, then a variable 
of large kind occurs in the context of that judgement. 

2. If a variable of large kind occurs in the context of a judgement at some 
point in a derivation, then a variable of large kind occurs in the context of 
every judgement below that point. 

Therefore, if the conclusion contains no variable with large kind, then no variable 
with large kind occurs anywhere in the derivation, and the derivation is valid 
in SPar(w)-. 

There is a close correspondence between Canonical LF and SPar(tj)~. It is 
possible to define a bijective translation between Canonical LF and SPar(a;)~ 
that maps each class of entity in the left-hand column of Table [1] to the corre- 
sponding class of entity in the right-hand column. 

The embedding of TF in LF given in this paper can be adapted in a straight- 
forward way to provide an embedding of Canonical LF in ELF. This embedding 
proves that the two systems are equivalent; that is, the derivable judgements of 
Canonical LF are exactly the derivable judgements of ELF that are in /3-normal, 
77-long form. To the best of the author's knowledge, a proof of this fact has not 
yet been published. For further details, we refer to Adams (5|, where an explicit 
embedding of SPar(ti))~ in ELF is defined. 

6.2. DMBEL 

Plotkin has produced several 'algebraic frameworks' for logics and type theo- 
ries, including DMBEL (Dependent Multi-Sorted Binding Equational 
Logic) [9|, |lO| . This is a framework that allows the declaration of theories in- 
volving second-order constants, and equations between objects. It is intended 
to be used for studying the theory of the syntax and semantics of logic and 
programming languages. The framework DMBEL uses operations of first-order 
substitution and second-order substitution, which are similar to TF's operation 
of instantiation {M/x}N restricted to the cases where x is of order or 1 
respectively. 

The framework DMBEL is essentially the same as the subsystem of TF^ 
obtained by imposing the following restriction: 

• In every constant declaration, equation declaration and judgement, every 
variable that appears must have a small kind of order or 1 . 
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DMBEL SPar(2) 



Type constant constant of kind (A)Type, 

where A is small and of order < 2 

Term constant constant of kind (A)E1(74), 

where A is small and of order < 2 

Term variable variable of small kind and order 

Abstraction variable variable of small kind and order < 1 

Type object of kind Type 

Abstraction type small product kind of order < 1 

Term object of kind El (A) 

Abstraction term abstraction of small kind and order < 1 

Context context of order < 1 

Abstraction context context of order < 2 

Signature constant declarations in a specification 

Table 2: Correspondence between the syntactic categories of DMBEL and SPar(2). 

It follows that every constant that is declared must have order at most 2. This 
subsystem was named SPar(2) in Adams [5|. It can be proven that TFi^ is 
conservative over this subsystem: 

Theorem 6.2 Let T be a specification in SPar(2), and let S he a judgement 
in which every variable has a small kind of order or 1. Then any derivation 
oj J under T in TF^ is a derivation of J under T in SPar(2). 

Proof. By inspection of the rules of TF^, we see the following four facts. 

1. If a variable of large kind occurs in a derivable judgement, then a variable 
of large kind occurs in the context of that judgement. 

2. If a variable of order > 1 occurs in a derivable judgement, then a variable 
of order > 1 occurs in the context of that judgement. 

3. If a variable of large kind occurs in the context of a judgement at some 
point in a derivation, then a variable of large kind occurs in the context of 
every judgement below that point. 

4. If a variable of order > 1 occurs in the context of a judgement at some 
point in a derivation, then a variable of order > 1 occurs in the context of 
every judgement below that point. 

Therefore, if the conclusion contains no variable with large kind, and no variable 
of order > 1, then no variable with large kind or of order > 1 occurs anywhere 
in the derivation, and the derivation is valid in SPar(2). 

There is a close correspondence between DMBEL and SPar(2). It is possible 
to define a bijective translation between DMBEL and SPar(2) that maps each 
class of entity in the left-hand column of Table [5] to the corresponding class of 
entity in the right-hand column. 

The results in this paper thus show that the properties Cut, Functionality, 
Equation Vahdity and Context Conversion hold for DMBEL, and that DMBEL 
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can be conservatively embedded in LF. Further, if we remove equation declara- 
tions from DMBEL, then the resulting system can be conservatively embedded 
in both Canonical LF and ELF. 

6.3. PAL+ 

The phrase 'lambda-free logical framework' was originally coined to describe 
the framework PAL+ [1]. This framework does not use lambda-abstraction, 
instead taking parametrisation and local definition as primitive. PAL"*" does not 
allow partial application; an n-ary function must be applied to all n arguments 
at once. It does still have a mechanism for forming abstractions, however; the 
object 

letw[a;i : Ki] — k : K'mv 

in PAL+ behaves very similarly to the lambda-abstraction [xi : Ki\k. The 
system TF thus involves even fewer primitive concepts than PAL+. 

It can be proved that TF can be embedded in PAL"*', in a similar manner to 
the embedding in LF. We refer to Adams |5i] for the details. 

7. Conclusion 

We have presented the formal definition of two lambda-free logical frame- 
works, TF and TFk, and proven several of their metatheoretic properties. We 
have defined translations between these two frameworks and the framework LF, 
and shown how these can be used to lift results proven in TF to LF. 

The idea of a lambda-free framework has now been invented independently 
by several researchers, including Aczel (who invented TF), Harper and Pfen- 
ing (Canonical LF) and Plotkin (DMBEL). These frameworks are powerful in 
many ways. They represent object theories more faithfully than do traditional 
frameworks; each expression in the object theory corresponds to a unique object 
in the framework, rather than a /Jry-convertibility class. Many results, such as 
the injectivity of type constructors or strong normalisation, are often easier to 
prove using a lambda-free framework than a traditional framework. 

The cost is that the metatheoretic properties of a lambda-free framework 
are much more difficult to establish. This should be seen as a one-time cost, 
however; these properties need only be established for a framework once, and 
the framework can then be used for many object theories and the lifting of many 
results. We have been able to establish these properties for two large classes 
of object theories: those with no equation declarations, and those with only 
declarations of order < 2. It follows that these results hold for Canonical LF 
and DMBEL, as these systems are isomorphic to conservative subsystems of 
TF, one of which does not allow equation declarations, and one of which does 
not allow specifications of order > 2. 

For the future, the most immediate need is to remove this restriction on the 
specifications. We would dearly love to be able to prove that every orderable 
specification is good, as we would then be able to remove the hypotheses about 
the n-goodness of specifications and the order of contexts in each of the results 
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in this paper. Further work should also include constructing new lambda-free 
logical frameworks with features such as subtyping, coercive subtyping, or meta- 
logical reasoning, so that results can be lifted to traditional frameworks that 
have these features. 
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A. Metatheory of TF 

We present here the proof of the basic metatheoretic properties of TF and 
TFk- The proofs for each system are very similar; we shall work in TF for most 
of this section, and mark with the symbol § the changes that need to be made to 
obtain a proof for TF^. These changes are all very minor. The most substantial 
is in Lemma I A. 71 

Fix a natural number n, and let T be a type theory specification in TF 
(§ or TFk) that is n-good. Throughout this section, we assume that every 
kind, context, variable, constant and abstraction that appears is of order < n. 

We shall begin by proving the following two properties: 

Cut. We say that the property Cut holds for a kind K if and only if, whenever 
T,x:K,A^ J, and Th F : K, then F, {F/x}A h {F/x}J. 

Functionality. We say that the property Functionality holds for a kind K if and 
only if, whenever T,x : K, A \- M : T and T \h F = G : K , then F, {F/x}A h 
{F/x}M = {G/x}M : {F/x}T. 
We first note: 

Lemma A.l Let K be a kind. Suppose the properties Cut and Functionality 
hold for K. Then so does the following: if T,x : K, A \- M = N : T and 
T\b F^G:K, then F, {F/x}A h {F/x}M = {G/x}N : {F/x}T. 

Proof. Suppose r,x : K,A h M = N : T and T \h F =^ G : K. Since the 
specification is good, we have T W- F : K, and so Functionality gives 

F, {F/x}A h {F/x}M = {F/x}N : {F/x}T . 
The goodness of the specification also gives us F h A^ : T, and so 

F, {F/x}A h {F/x}N = {G/x}N : {F/x}T . 

The result follows by (trans). 

Theorem A. 2 The properties Cut and Functionality hold for every kind K. 

Proof. The proof is by double induction, first on the kind AT, second on the 
derivation of the judgement F, a; : AT, A h J or F, x : AT, A h Af : T. 
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Cut. Let K = (e)T and F = [dome]P. (§In TFk, F will have the form [Q']P.) 
We deal here with the case where the last step in the derivation is 

r,x:(e)T,Alhi?i = i?2::e 
(vareqj ■ 



r, X : (e)r, a h xi?i = xH2 ■. {Hi/q}t 

By the induction hypothesis, we have 

r, {F/x]/\ Ih {F/x}Hi ^ {F/x}H2 :: 9 . 

We are also given that r,Q \- P : T. By Weakening and (ref), 

r, {F/x}A, Qh P = P -.T . 

By repeatedly applying Lemma [A. II with each of the kinds in Q, we have the 
desired conclusion 

r, {F/x}A h {{F/x}Hi/Q}P = {{F/x}H2/Q}P : {{F/x}Hi/e}T . 

Functionality. Let K = {Q)T, F = [dome]P and G = [dome]Q. (§In TFk, F 
will have the form [Q']P and G the form [ld"]Q.) We deal here with the case 
where the last step in the derivation is 

, ^ r,a;: (e)r,Alhi?::e 

(var) 

r, X : (e)T, Ah xH : {H/QjT 

By the induction hypothesis, we have 

F, {F/x}A Ih {F/x}H = {G/x}H :: 6 . 

We are also given that 

F,ehP = Q:r . 

By repeatedly applying Lemma lA.ll with each of the kinds in 0, we have the 
desired conclusion 

F, {F/x}A h {{F/x}H/e}P = {{G/x}H/(d}Q : {{F/x}H/Q}T . 

We also deal with the case where the last step in the derivation is 

F, a; : K, A h M : El (A) T,x : K,Ah A = B : Type 



(conv) ■ 



F, a; : i^, A h Af : El (B) 



We are given T h F = G : K;hy the goodness of the specification, we also have 
F Ih P : K. By the induction hypothesis, we may apply Functionality to the 
first premise and Cut to the second to give 

F, {F/x}A h {F/x}M = {G/x}M : El {{F/x}A) 
F, {F/x}A h {F/x}A = {F/x}B : Type . 

The result follows by (conveq). 
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Our next objective is to prove the following property: 

Context Conversion. We say that the property Context Conversion holds for 
a kind K if and only if, whenever T,x : K,A h J' and T \h K = K' , then 
r,x:K',A^J. 

Once again, we need some auxiliary lemmas: 

Lemma A. 3 Let K be a kind, and suppose Context Conversion holds for every 
kind of smaller arity than K. If o{T) < n and T \\- K ~ K' then V Ih K' = K . 

Proof. The proof is by induction on K. 

li K = Type, there is nothing to prove. If K has the form El {A), we simply 
apply (sym). 

Suppose K = [x : Ki)K2 and K' = [x : K[)K2- We are given 

r Ih iCi = K[, T,x: Ki Ih K2^K'2 . 

Applying Context Conversion gives T,x : K[ Ih K2 = i^2- The desired judge- 
ments 

r Ih i^i = Ki, T,x: K[ Ih K'2 = K2 

follow by the induction hypothesis. 

Lemma A. 4 Let A be a context, and suppose Context Conversion holds for 
every kind of smaller arity than A. //F Ih A = A' then F Ih A' = A. 

Proof. The proof is by induction on the length of A. The case of length is 
trivial. 

For the inductive step, let A = Aq, x : K and A' = Aq, a; : K' . We are given 

Flh Ao = A[, F,Ao \h K = K' . 

By the induction hypothesis, F Ih Aq = Aq. Applying Context Conversion with 
each of the kinds in Aq gives F, A'„ \\- K ^ K' , and so F, A^ Ih K' = K hy the 
previous lemma. 

Lemma A. 5 Suppose Context Conversion holds for every kind of lower arity 
than Ki. IfT Ih Ki = K2 and F Ih i^2 == -ft^s then T h Ki = K3. 

Proof. The proof is by induction on Ki. The case Ki = Type is trivial. If 
Ki has the form El (A), we simply apply (trans). 

Suppose Ki = {x : Ji)£i, K2 = [x : J2)L2, and K3 = {x : Jz)L^. We are 
given 

F Ih Ji = J2 r Ih J2 = J3 

F, a; : Ji Ih Li = L2 F, a; : J2 Ih L2 = is 

By Lemina lA.3[ we have F Ih J2 = Ji; applying Context Conversion gives F, x : 
Ji Ih L2 = L3. The desired judgements F Ih Ji = J3 and F, a; : Ji Ih Li — L3 
follow by the induction hypothesis. 
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Lemma A. 6 Suppose Context Conversion holds for every kind of lower arity 
than Ai. IfT Ih Ai = A2 and T Ih A2 = A3, then T Ih Ai = A3. 

Proof. The proof is by induction on the length of Ai. The case of length is 
trivial. 

For the inductive step, let Ai = 9i,a; : Ki; A2 = 62,2; : K2; and A3 = 
63, X : K3. We are given 

r Ih ei = 62 r ih 62 = 63 

r, ei Ih Ki = K2 r, 82 ih K2 = K3 

By Lemma rA.41 we have F Ih 82 = 81. Repeatedly applying Context Conver- 
sion gives us F, 81 Ih K2 = K3. The desired judgements 

Flh8i=83, F,8ilhi^i=ir3 

follow by the induction hypothesis. 

Lemma A. 7 Suppose Context Conversion holds for every kind of lower arity 
than K. IfT\^F:KandThK^ K' , then T \b F : K' . 

Proof. Let K = (8)T, K' = {Q')T' and F = [dom8]Af. We are given 

F, 8 h Af : T, F Ih 8 = 8', F, 8 Ih T = T' . 

By (conv), we have F, 8 h M : T'. Applying Context Conversion with each of 
the kinds in 8 yields 

F, 8' h M : T' 

as required. 

§In TFk, let F = [8i]M. In addition to the above, we are given F Ih 8 = 81 
and must prove F Ih 8' = 81. This follows from Lemmas IA.4I and IA.6I 

Lemma A. 8 Suppose Context Conversion holds for each of the kinds in A. // 
F Ih ^ :: A anrf F Ih A = A', then F Ih F :: A'. 

Proof. The proof is by induction on the length of A and A'. The case of 
length is trivial. 

For the induction step, let A = Ao,a; : K, let A' = Aq,^ : K' , and let 
F = Fq, Fi. Then we are given 

F Ih ^0 :: Ao F Ih ^i : {Fo/Ao}K 

FlhAo = A[| r,Ao\^ K = K' 



By the induction hypothesis. 



r Ih Fo :: a;, 
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Applying Cut repeatedly gives 

r Ih {Fo/Ao}i^ = {Fo/^o}K' 

and the desired judgement 

r Ih Fi : {^o/Ao}i^' 

follows by the previous lemma. 

Theorem A. 9 The property Context Conversion holds for every kind K . 

Proof. Let K = (e)T and K' = (e')T', so we are given T Ih 9 = 6' and 
r, Ih i^ = K' . The proof is by double induction, first on the kind K^ second 
on the derivation of F, x : -ftT, A h JT". 

We deal here with the case where the last step in the derivation is 

r,a; : (9)7, A Ih F :: 9 

(var) 

T,x: (9)T,Alha;F: {F/Q}T 

By the induction hypothesis, we have 

r,a;: (9')T', A Ih F :: 9 . 

Applying Lemma [A. 81 we have 

r,a;: (9')T',A Ih F :: 9' 

.•.r,x: (9')r',A Ih a;F:{F/9}r' (var) 

Applying Cut yields 

r, X : (9')T', A h {F/9}T = {F/9}r' 

and the result follows by (sym) and (conv). 

The case where the last step is (vareq) is similar, and the other cases are all 
straightforward . 



This completes the proof of Theorem 

Note. The assumption of n-goodness is essential for this proof. To remove the 
need for it, one suggestion would be to add the following as primitive rules of 

TF: 

rhA'f = 7V:r Fhil/ = 7V:F 

(Leq) (Req) 

Fh M:T Fh7V:F 

This would not work, however. The proof of Theorem lA. 21 would then fail, as we 
would not be able to complete the inductive step for the proof of Functionality 
in the case that the last step in the derivation is the rule (Req). 
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B. 2-good Specifications 

Our aim in this section is to show that, if T is an orderable type theory 
specification in which every declaration is of order < 2, then T is 2-good. In 
order to prove this, we must prove four properties hold simultaneously. The 
following proof holds whether we are working in TF or TFj^. 

Theorem B.l Suppose T is an orderable specification, and every declaration 
in T has order < 2. Then: 

1. Whenever T ^ M ^ N : T and T has order < 2 then T \- M : T and 
Th N -.T. 

2. Whenever T,x : K, A\- J , T \\- F : K andV^x : K, A is of order < 2, then 
r, {F/x}A h {F/x}J. 

3. Whenever T,x : K, A \- M : T, T \^ F ^ G : K and T,x : K, A is of order 
< 2, then r, {F/x}A h {F/x}M = {G/x}M : {F/x}T. 

4. Whenever r,x : K,A h J, T \\- K = K' andT,x : K,A is of order < 2, 
thenT,x:K',A^ J. 

Proof. By the orderability of T, we may replace the rules (const), (const_eq) 
and (eq) with the following rules without changing the set of derivable judge- 
ments. For each constant declaration c : (A)T, 

, r Ih F :: A Alh T kind ^ , F Ih i? = G :: A A h T kind 

(const ) (const_cq ) 

F h cF : {F/A}T T h cF = cG : {F/A}T 

For each equation declaration (A)(M — N : T), 

, FlhF::A A\~M:T AhiV:T 
(eq). 



F h {F/A}M = {F/A}N : {F/A}T 

Given a finite sequence of declarations s, let us write F hg J/ to mean that 
there exists a derivation of the judgement F h J7 such that, for every branch in 
the derivation, the declarations used at the (const), (const_eq) and (eq) nodes, 
taken in order from leaf to root, form a subsequence of s. For defined judgement 
forms, we write (e.g.) F Ih^ {x : E1(A))E1(B) = (x : El (A'))E1 (B') to mean 
T\-s A = A' : Type and F, a; : A h^ B = B' both hold. 

We write s \Z t to denote that s is a proper initial segment of t. We write 
r \^fzs J to denote that there exists i E s such that F h^ J . 

Define the order of a sequence s by 

o(^s) — max{o((5) | 5 G s} . 
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We define the following properties for natural numbers m, n with n < m 
and sequences s. 

• CUT (to, n,s) is the statement: whenever T,x : K,A has order to, K 
has order n, and r,x : K,Ahs J and T Ih^ F : K, then T,{F/x}A h, 
{F/x}J. 

• FUNC (to, n, s) is the statement: whenever T,x : K, A has order m, K 
has order n, and T,x : K,A ^^ M : T and T Ih^ F = G : FT, then 
r, {F/x}A hs {F/a;}M = {G/x}M : {F/x)T. 

• CC {m,n, s) is the statement: whenever r,a; : K,A has order tti, K has 
order n, and T,x: K,A\-s J and T Ih^ FT = iiT', then T, x: K',A h^ J. 

• EQVAL (m, s) is the statement: whenever F has order to, and F h^ Af = 
N : T, then F h,. M : T and F h^ TV : T. (EQVAL stands for 'equation 
vahdity'.) 

• FUNCEQ (to, n, s) is the statement: whenever F,a; : K,A has order m, 
K has order n, and F, a; : i^, A h^ Af = iV : T and F Ih^ F = G : K, then 
F, {F/x}A h, {F/a;}Af = {G/x}7V : {F/x}T. 

• GFUNC (tti, n, s) is the statement: whenever r,x : K, A has order to, K 
has order n, and T,x : K, A hs M : T, T hs F = G : K, T hs F : K 
and F Ih, G : is:, then F, {F/x}A h^ {F/a:}A/ = {G/x}M : {F/x}T. 
(GFUNC stands for 'guarded functionality'.) 

We shall employ the following abbreviations: CUT (< a, < b,s), for example, 
shall mean that CUT (to, n, s) holds for all to < a and all n < b. Another 
example: CC (to., n, <s) shall mean CUT (to., n, t) holds for all t < s. 

Our aim is to show EQVAL (2, s) for all sequences s of declarations from T. 

By proofs similar to the ones in the Appendix \^ we can prove the following 
results for all to and s: 

(1) FUNCEQ (to, < 71, s) a cut (to, <n,s)^ GFUNC (to, n, s) 

(2) CUT (to, < n, s) a FUNCEQ (to, < n, s) ^ CUT (to, n, s) 

(3) CUT (to, <n,s)A CC (to, < n - 1, s) A EQVAL (to, s) =» CC (to, n, s) 

(4) GFUNC (to, n, s) A CUT (to, n, s) ^ GFUNCEQ (to, n, s) 

The following results are trivial: 

(5) GFUNC (to, n, s) A EQVAL (to, s) => FUNC (to, n, s) 

(6) GFUNCEQ (to, n, s) A EQVAL (to, s) ^ FUNCEQ (to, n, s) 
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Claim. 

(7) The properties 

GFUNCEQ (m, < m - l,s) 

CC (to, < TO - 2, s) 

GFUNCEQ (< max(m, o{s)), < o{s), E s) 

CC (< max(TO, o{s) - 1), < o(s) - 1, E s) 

CUT (< max(TO, o(s)), < o{s), C s) 

entail EQVAL(to, s). 

Proof. We prove that, whenever F has order < to and F hs Af = A^ : T, then 
F hs M : T and F hs TV : T, by induction on the derivation of T\-, M ^ N : T. 
Suppose the last step in the derivation is 

, Fth, F = G::A A Ih T kind 

(const_cq ) 

F h, cF = cG : {F/A}T 

where we have (c : (A)T) G s. Let s = si, c : (A)T, S2, where c : (A)r does not 
occur in S2. 

The induction hypothesis gives F Ih^j F :: A, and so F h^ cF : {F / A}T by 
(const). 

The induction hypothesis also gives F hs^ Gi : {F/AjXi, where iiTi is the 
zth kind in A. By Context Validity, we also have 

xi : Ki, . . . ,Xi^i : Ki^i Ih^i Ki kind . 

Using GFUNCEQ (m, < o{s), E s), we have F Ih^^ {F/A}Ki = {G/A}K„ and 
so, using CC (m, < o{s) — 1, E s), 

F h,, G, : {G/A}i^, , 

that is, F Ihsi G :: A. Therefore, F h, cG : {G/AjT by (const). 

The case (vareq) is similar, using GFUNCEQ (m, < tti — 1, s) and 
CC(m, < TO - 2, s). 

Suppose s = si, (A)(M — N : T),S2, and the last step in the derivation is 

,Flb, F::A A h^, M : T A h„ A^ : T 

(eq) 

F hs {F/A}Af = {F/A}N : {F/AjT 

By CUT (< max(TO, o{s)), < o{s), E s), we have F h^^ {F/A}Af : {F/AjT and 
F K, {F/A}7V : {F/A}r. 
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We can now use these seven results to prove Theorem lB.il Firstly, note that 
(1) and (2) imply 

GFUNC (m, 0, s) A CUT (to, 0, s) 

for every to and s. Therefore, by (4), GFUNCEQ (to, 0, s) holds for every to 
and s. 

Our goal is to prove the following: 

EQVAL (2, s) A FUNC (2, 1, s) A CUT (2, 1, s) A CC (2, 1, s) . 

The proof is by induction on the length of s. Suppose, as induction hypothesis, 

EQVAL (2, C s) A FUNC (2, 1, E s) A CUT (2, 1, E s) A CC (2, 1, E s) . 

Then the following hold: 



CC(2,<l,Es) 


(by®) 


EQVAL (2, s) 


(by®) 


FUNC(2,0,s) 


(by®) 


FUNCEQ(2,0,s) 


(by ®) 


GFUNC(2,l,s) 


(by O) 


FUNC(2,l,s) 


(by ®) 


CUT(2,l,s) 


(by 0) 


GFUNCEQ (2, l,s) 


(by O) 


FUNCEQ(2,l,s) 


(by®) 



This completes the induction. 

It does not seem possible to use the same method to prove that, if every 
declaration in T is of order < 3, then T is 3-good. As noted in the proof, we have 
GFUNC (m, 0, s), CUT (to, 0, s) and GFUNCEQ (to, 0, s). It is also possible to 
prove directly, by an induction on derivations, that CC (tti, 0, s) holds for all to 
and s. We are then stuck: for o{s) — 2, we have the circle of implications 

EQVAL (3, s) => FUNCEQ (3, 0, s) ^ GFUNC (3, 1, s) A CUT (3, 1, s) 
=> GFUNCEQ (3, 1, s) ^ EQVAL (3, s) 

without any immediate way to prove any of these directly. 

We are thus unable to prove the following statement yet, and present it here 
as a conjecture: 

Conjecture B.2 Every orderable type theory specification is good. 

C. The Strong Normalisability of LF 

Consider the simply typed lambda-calculus (STLC), with the following gram- 
mar: 

Type A ::= * \ A^ A 

Term M ::= x \ \x : A.M I MM 
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We shall use the fact that every term typable in STLC is strongly /Jry-normalising 
to prove that every object typable in LF is strongly /^ry-normalising. 

Define a translation |] that maps every kind of LF to a type of STLC, every 
object of LF to a term of STLC, and every context of LF to a context of STLC, 
as follows: 

[Type] = * 

[El(fc)] ^ * 

l{x:K)K'] EE m^lK'j 

l[x:K]kl EE Ax:|i^l.Ifc] 

Ixi : Ki,...,Xn ■■ Knj EE xi : {Kij , . . . , a;„ : {Knl 
The key step in this proof is to realise the following fact about this translation: 

Lemma C.l Under an arbitrary type theory specification in LF, if T \- K = 

K', then {K\ ee {K'\. 

Proof. The proof is a simple induction on derivations. 
Using this lemma, we can establish the following: 

Lemma C.2 Suppose F h fc : K . Let Ci, . . . , c„i he the constants that occur 
in k, and let them he declared with kinds 

C\ . jV 1 , . . . , Cfn , I\jn . 

Then 

ci:lKil,...,c,„:|if„],lrlhIfcl:|ifl 

in STLC. 

Proof. The proof is by induction on the derivation oi T \- k : K. 
Lemma C.3 If k and k' are LF-ohjects and k —>f3ri k' , then |fc] ~>fj-q |fc']. 
Proof. We first estabhsh the fact that 

i[k/x]k'j EE m /^] Wi 

by induction on k' . Now, if fc = {[x : K]ki)k2 and k' = [k2/x]ki, then 

Ikj EE (Ax : IK] . [fcl]) [fel ^/3 [[fel /X] [fcl] EE Ik'j . 

The other cases are similar. 
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These allow us to prove the theorem we want: 

Theorem C.4 Under an arbitrary type theory specification in LF, if T h k : 
K , then k is strongly Prj-normalising. 

Proof. Suppose k -^pn fci -^fin ^2 ^fSn • • • is an mfinite reduction sequence. 
By Lemma FC. 21 we have that |fc] is typable in STLC under some context; and 
by Lemma IC. 31 we have that 

M ^dv [fcl] ^Pn 1^2] ^I3r, ■ ■ ■ 

is an infinite reduction sequence. This contradicts the fact that STLC is strongly 
normalising. 
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